
Should I remove “VirTool:Win32/Obfuscator.AMB”?


VirTool:Win32/Obfuscator.AMB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.


What can the VirTool:Win32/Obfuscator.AMB virus do?

  • CAPE extracted potentially suspicious content
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Behavioural detection: Injection (inter-process)
  • CAPE detected the embedded win api malware family
  • Binary file triggered YARA rule
  • Yara detections observed in process dumps, payloads or dropped files

How to identify VirTool:Win32/Obfuscator.AMB?

File Info:

name: 37F58D4DF2B39A394885.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2015-02-19 15:49:29

Version Info:

Translation: 0x0809 0x04b0
Comments: Zoek je Ruzie
CompanyName: JWZ Solutions
FileDescription: jeWeet
FileVersion: 1.2.5.2
InternalName: temp.exe
LegalCopyright: © All Rights Reserved 2015
OriginalFilename: temp.exe
ProductName: Zoek je Ruzie
ProductVersion: 1.2.5.2
Assembly Version: 1.6.1.1

VirTool:Win32/Obfuscator.AMB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Autoit.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.68910724
FireEye: Trojan.GenericKD.68910724
CAT-QuickHeal: Win32.AutInject.A
Skyhigh: BehavesLike.Win32.TrojanAitInject.tc
McAfee: Artemis!37F58D4DF2B3
Malwarebytes: Malware.AI.2839578744
Sangfor: Virus.Win32.Save.a
K7AntiVirus: Trojan ( 700000111 )
Alibaba: Trojan:Win32/Starter.ali2000005
K7GW: Trojan ( 700000111 )
Cybereason: malicious.df2b39
VirIT: Trojan.Win32.Autoit_c.BRAO
Symantec: Trojan.Gen.2
tehtris: Generic.Malware
ESET-NOD32: multiple detections
APEX: Malicious
TrendMicro-HouseCall: TROJ_FRS.BMA000C315
ClamAV: Win.Trojan.Autoit-6931471-0
Kaspersky: Trojan.Win32.Autoit.ejb
BitDefender: Trojan.GenericKD.68910724
NANO-Antivirus: Trojan.Win32.Autoit.doirhj
Avast: AutoIt:Agent-AMM [Trj]
Tencent: Win32.Trojan.Autoit.Fflw
Emsisoft: Trojan.GenericKD.68910724 (B)
F-Secure: Heuristic.HEUR/AGEN.1321699
DrWeb: Trojan.Inject2.8296
VIPRE: Trojan.GenericKD.68910724
TrendMicro: TROJ_FRS.BMA000C315
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-R
SentinelOne: Static AI – Malicious PE
MAX: malware (ai score=100)
Google: Detected
Avira: HEUR/AGEN.1321699
Kingsoft: malware.kb.a.870
Microsoft: VirTool:Win32/Obfuscator.AMB
Xcitium: Malware@#2dgzyscergc7j
Arcabit: Trojan.Generic.D41B7E84
ZoneAlarm: Trojan.Win32.Autoit.ejb
GData: Trojan.GenericKD.68910724
Cynet: Malicious (score: 99)
ALYac: Trojan.GenericKD.68910724
VBA32: Trojan.Autoit
Cylance: unsafe
Panda: Trj/Genetic.gen
Ikarus: Trojan-Dropper.Win32.Autoit
MaxSecure: Trojan.Malware.8132666.susgen
AVG: AutoIt:Agent-AMM [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_90% (W)
alibabacloud: Trojan[dropper]:Win/Autoit.IR

How to remove VirTool:Win32/Obfuscator.AMB?

VirTool:Win32/Obfuscator.AMB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
